Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SEPM offline - how will clients update when bought back online?

Created: 26 Jun 2013 • Updated: 02 Jul 2013 | 17 comments
This issue has been solved. See solution.

Hi there everyone,

Many time reader, first time poser of a question... I have a query around update content and delta updates.

Due to some issues, my SEPMs (v12.1.2) have been offline and missed downloading new content every 4 hours. In the interim clients will have autonomously received updates from the Internet directly (and as such be on a later version of definition revision that the SEPM when it comes back online).

My question - will the SEPM distribute the full.zip to these clients when it receives the first download itself, or will it be able to construct a delta update for those clients, based on what it had previously and what it will have after it's first download? I keep 90 content revisions, and will be around 3-5 revisions behind - last download 130624020.

Many thanks!

Operating Systems:

Comments 17 CommentsJump to latest comment

.Brian's picture

You're only a few days out of date and with you keeping 90 revisions, it should be able to construct a delta and send the delta the clients instead of a full

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

There is a logic involved check this

When will a client download a full definition set from a Symantec Endpoint Protection Manager or Group Update Provider?

Shakedown1979's picture

Thanks Brian - That's kind of what I hoped, however it appears to be against what Rafeeq suggests - although the tech article link is for v11 specifically and clients assumed to be older. This will be newer clients. It would seem a little inefficient if they will download a full.zip, and also break my network since there are 1,000s of them... frown

.Brian's picture

90 revisions is roughly a months worth of definitions

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

You did mention that In the interim clients will have autonomously received updates from the Internet directly

if they have received updates from Internet and are upto date. SEPM will only send updates if they are missing, if they already have the latest. it would not send any to them.

SMLatCST's picture

The theory is that the SEPM will create a delta as long as it has in its repository the def that the client is using, and the latest defs.  It is only able to create a delta by looking at both, and comparing the differences.

In other words, everything is fine if the clients and the SEPM are on the same defs, as everything afterwards will be updated using deltas.

You only need to worry if a client is running a def revision that the SEPM has missed (while offline).

Note: This assumes the SEPM doesn't download the defs its missed anyway.  I'd recommend checking the LiveUpdate Content Policy for the revisions it has in its repository to see if it does grab missed defs.

Shakedown1979's picture

Yeah maybe I'm getting myself a little confused over this... So the following would be what will happen (?)

.. Numbers used below are purely examples

  • Client has rev.003, SEPM is offline and the most recent revision it has is rev.001
  • SEPM is bought online
  • Client connects to SEPM, SEPM has nothing newer to offer immediately so offers nothing to client/nothing is downloaded
  • SEPM LU cycle runs and receives rev.004, but does not have rev.002 and rev.003 interim revisions
  • SEPM is capable of building delta between rev.003 (Client) and rev.004 (SEPM)
  • Delta to rev.004 is download to Client
Beppe's picture

Hello,

of course, the SEPM can't create a delta between 004 and 003 without having 003 too, hence a full.zip is sent.

Find here some older JDB files to fill the gap in the SEPM:

ftp://ftp.symantec.com/AVDEFS/symantec_antivirus_c...

http://www.symantec.com/business/support/index?pag...

Regards,

Giuseppe

Shakedown1979's picture

OK - missed that message while typing the last...

In which case, yes, the SEPM will have missed updates that the clients have...

Shakedown1979's picture

Hi Beppe - If this works I'm forever in your debt :) Much appreciatd. Would you suggest bringing the .JDB files in one-by-one in the standard manner - i.e. put them into the inbox, wait for the SEPM to update, add the next, etc...?

Beppe's picture

You are welcome!

Yes, I would do it one-by-one. If it will end up that what is published in the public FTP site does not cover your gap, you need to contact our Technical Support to get older and/or specific JDB files.

Regards,

Giuseppe

Shakedown1979's picture

Looking at the available FTP downloads, it should cover exactly the gap we need...

We will change the Apache webserver port to prevent clients from downloading content directly from the SEPM in the interim until all the definitions are up-to-date again, then bring back onto 8014.

I shall put an update on here tomorrow with the result.

Again - much appreciated for your response!

Beppe's picture

Hello,

did it work? If yes, remember to flag this discussion as resolved!

Regards,

Giuseppe

SOLUTION
.Brian's picture

OK so what was the solution?? please mark the right one

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Shakedown1979's picture

I checked off Beppe's last response... To download the JDB files for the missing content. Without that, would have been full.zips all the way.

All advise has been much appreciated though, I've been really impressed with the responses on the KB

Chetan Savade's picture

Hi,

Thank you for posting in Symantec community.

A client will download a full definition any time its SEPM is not able to build a delta for the content it is requesting. In order for the SEPM to be able to build a delta, the following conditions must be met:
 
The SEPM must have a copy of the definition revision that the client is currently at.
The SEPM must have a copy of the content being requested by the client.
If both conditions are met, then the SEPM will build a delta for the requested content.
 
In most cases, if a client is requesting a full.zip, it is because its definitions are farther out of date than the number of content revisions being kept on the SEPM. If a client is requesting a full.zip because of this condition, the product is working as designed.
 
 

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Shakedown1979's picture

Yes - brilliant thanks... We imported all the missing content last night (around 13 JDBs worth), and the SEPM is happilly creating deltas today :D